3.0.0

27 Aug 2018

Changes from 1.2.9 to 3.0.0:* new UI layer with two skins* completely updated profile and proxy management* new functional settings* settings moved to app from system* Private Tunnel and Access Server sections* automated import from Access Server with link and credentials* extended statistics about connection and visualization of data flow* fixed various bugs

1.2.9

24 Feb 2018

Changes from 1.2.8 to 1.2.9:* show MD5 warning pop-up only once per VPN session* fix glitch upon key re-negotiation when using tls-crypt* fix interoperability issue with private keys created using OpenSSL 1.1 default settings (aka add support for private keys encrypted using PKCS#5v2.0 with PRF newer than SHA1)

* converted VPN backend to new Apple Network Extensions framework* implemented private keychain for storing certificates and passwords. PKCS#12 bundles imported via Safari or Mail must now end with '.ovpn12'* implemented support for "tls-crypt" config option. If the OpenVPN server you are connecting to has enabled this option, it will provider a safer method to exchange certificates during the initial TLS handshake* improved log verbosity* added preference switch to disable MD5 in TLS* updated mbedTLS to 2.6.0 (MD5 support will be dropped on Apr, 31st 2018)* updated ovpn3 backend

1.2.5

8 Jan 2018

Changes between 1.1.1 and 1.2.5:

* improved log verbosity* added preference switch to disable MD5 in TLS* converted VPN backend to new Apple Network Extensions framework* implemented private keychain for storing certificates and passwords. PKCS#12 bundles imported via Safari or Mail must now end with '.ovpn12'* implemented support for "tls-crypt" config option. If the OpenVPN server you are connecting to has enabled this option, it will provider a safer method to exchange certificates during the initial TLS handshake* updated mbedTLS to 2.6.0 (MD5 support will be dropped on Apr, 31st 2018)* updated ovpn3 backend

Changes between 1.1.0 and 1.1.1:* updated ovpn3 backend and plugin* better support for NAT64* workaround for sweet32 vulnerability* implementation of relay protocol

Changes between 1.0.7 and 1.1.0:

* The OpenVPN Setting "Force AES-CBC ciphersuites" is now off by default. If you experience connection issues with this change, you can easily turn it back on in the Settings App under OpenVPN.

* Known issue: sometimes after install, the OpenVPN settings in the Settings app may vanish. This is a known iOS issue. A suggested workaround is to quit the Settings app by double-tapping the home button, and then dragging Settings out of the list of apps. The next time you launch Settings, the OpenVPN settings ought to show up.

1.1.1

Changes between 1.1.0 and 1.1.1:* updated ovpn3 backend and plugin* better support for NAT64* workaround for sweet32 vulnerability* implementation of relay protocol

Changes between 1.0.7 and 1.1.0:

* The OpenVPN Setting "Force AES-CBC ciphersuites" is now off by default. If you experience connection issues with this change, you can easily turn it back on in the Settings App under OpenVPN.

* Known issue: sometimes after install, the OpenVPN settings in the Settings app may vanish. This is a known iOS issue. A suggested workaround is to quit the Settings app by double-tapping the home button, and then dragging Settings out of the list of apps. The next time you launch Settings, the OpenVPN settings ought to show up.

1.0.5

14 Sep 2014

Changes between 1.0.4 and 1.0.5:

* Fixed Import Profiles bug that affects 1.0.4 on iOS 8. This issue causes OpenVPN to fail to detect new profiles that are available for import.

* Support new iOS 8 feature where Settings App can be used to launch native OpenVPN profiles. Note that only autologin profiles (i.e. profiles that don't require credential entry) can be launched using this mechanism.

* Added "Seamless Tunnel" setting (See OpenVPN section of Settings App) for iOS 8 and higher. Make a best-effort to keep the VPN tunnel active during pause, resume, and reconnect states to minimize the likelihood of packet leakage during sleep/wakeup and network reconfiguration events.

* Recognize backslash as a directory separator, to allow import of Windows profiles.

* Library updates: PolarSSL : 1.3.8 Boost : 1.56.0

1.0.4

29 Jan 2014

Changes between 1.0.3 and 1.0.4:

* Added "Force AES-CBC ciphersuites" setting to revert to SSL/TLS negotiation strategy used in OpenVPN Connect 1.0.0 and 1.0.1. This option constrains the OpenVPN TLS negotiation to one of two standard AES-CBC ciphersuites and is provided as a compatibility option when connecting to servers that use legacy SSL implementations.

* Known issue: Automatic reconnect/wakeup onto cellular data doesn't work with iOS 7.0.x. A fix is expected in iOS 7.1.

* Known issue: IPv6 tunnel routes may not be added to the routing table on iOS 7. Workaround: use redirect-gateway instead of pushing specific IPv6 routes. For example, from the server:

push "redirect-gateway ipv6"

or client:

redirect-gateway ipv6

Note that iOS 7 requires that if redirect-gateway is used, that it is used for both IPv4 and IPv6 as the above directive accomplishes.

* Added support for "http-proxy" and "http-proxy-option" directives in the profile. Note that these directives are currently only supported in the main profile, outside of blocks. Also note that proxy settings in the Settings app under OpenVPN always have priority over proxy directives given in the profile.

* Worked around an issue where connect slider control was sending repeating ON/OFF messages to the app. This could potentially cause connection failures where the connect slider control would move into the ON position, the credentials fields would be cleared, but no connection would occur, or the connection slider would freeze in the OFF position.

* Allow "Certificate" field in UI to remain unselected for profiles that connect without a client certificate.

* Re-added support for DES-CBC cipher that was inadvertently dropped in 1.0.2 (Note: DES-CBC is an obsolete, insecure cipher that should no longer be used. It is provided only for compatibility with legacy systems).

* Added additional PKCS#1 signature methods. This may fix an issue where the following error is seen in the log: "PolarSSLContext::epki_sign unrecognized parameters, mode=1 hash_id=11 hashlen=32"

* Added new OpenVPN Setting "Network state detection" that allows control over how OpenVPN handles network state changes. For more info, see app Help FAQ under the section "What is the meaning of the various OpenVPN settings in the iOS Settings App?"

* Support iOS .mobileconfig profiles that contain standard OpenVPN profiles (previously only VPN-On-Demand .mobileconfig profiles were supported). See app Help for detailed instructions on how to create an OpenVPN .mobileconfig profile.

1.0.3

Raised minimum required iOS version to 6.1 (iOS 5.1.1 installer will not install Connect, and will delete previous working 1.0.1 install)

Changes between 1.0.1 and 1.0.2:

* Added support for ARM-64 including iPhone 5s and iPad Air.

* Allow password to be saved for static challenge/response profiles.

* Resolved the issue where iOS plugin was not able to fully enumerate the cert chain from Keychain Identities. Note that this solution is still not ideal because the iOS keychain appears unable to import a PKCS#12 file as a bundle. It only imports the leaf cert/key and ignores the rest. So for this fix to be effective, each of the root and intermediate certs in the PKCS#12 file must be manually extracted and separately imported as .crt files.

Note that this is a separate and distinct feature from the one to connect through an HTTP proxy. This feature allows proxy options to be set for Safari (and possibly other apps as well) for the duration of the VPN session.

These options can be placed directly in the profile, i.e.

--> dhcp-option PROXY_HTTP 10.144.5.14 3128

or pushed by the server:

--> push "dhcp-option PROXY_HTTP 10.144.5.14 3128"

* Updated PolarSSL to 1.2.10. This version of PolarSSL adds support for PKCS#8 private keys.

* Fixed issue where some pushed options were incorrectly persisting across reconnections.

* Fixed options parsing issue if non-aggregate option was specified in profile as well as pushed by server (the pushed version should win).

* Implemented "inactive" directive.

* Relax options parser somewhat and follow OpenVPN 2.x behavior where if more than one instance of an option exists, and a single instance of the option is required, use the last instance. Previously we would raise an exception in this case.

* Added tls-version-min directive, to require server to support a minimum TLS version. For example,

--> tls-version-min 1.2

would require TLS 1.2 or higher for connection with the server. The connection would fail if the server cannot meet this requirement.

* Support "setenv opt" prefix before directives, where its presence indicates that the directive is optional, i.e. if a client doesn't understand the directive, it should simply ignore it.

This behavior is somewhat different (by design) to 2.x branch, which will raise a fatal exception if an unrecognized option is encountered.

1.0.2

16 Dec 2013

* Added support for ARM-64 including iPhone 5s and iPad Air.

* Allow password to be saved for static challenge/response profiles.

* Resolved the issue where iOS plugin was not able to fully enumerate the cert chain from Keychain Identities. Note that this solution is still not ideal because the iOS keychain appears unable to import a PKCS#12 file as a bundle. It only imports the leaf cert/key and ignores the rest. So for this fix to be effective, each of the root and intermediate certs in the PKCS#12 file must be manually extracted and separately imported as .crt files.

Note that this is a separate and distinct feature from the one to connect through an HTTP proxy. This feature allows proxy options to be set for Safari (and possibly other apps as well) for the duration of the VPN session.

These options can be placed directly in the profile, i.e.

--> dhcp-option PROXY_HTTP 10.144.5.14 3128

or pushed by the server:

--> push "dhcp-option PROXY_HTTP 10.144.5.14 3128"

* Updated PolarSSL to 1.2.10. This version of PolarSSL adds support for PKCS#8 private keys.

* Fixed issue where some pushed options were incorrectly persisting across reconnections.

* Fixed options parsing issue if non-aggregate option was specified in profile as well as pushed by server (the pushed version should win).

* Implemented "inactive" directive.

* Relax options parser somewhat and follow OpenVPN 2.x behavior where if more than one instance of an option exists, and a single instance of the option is required, use the last instance. Previously we would raise an exception in this case.

* Added tls-version-min directive, to require server to support a minimum TLS version. For example,

--> tls-version-min 1.2

would require TLS 1.2 or higher for connection with the server. The connection would fail if the server cannot meet this requirement.

* Support "setenv opt" prefix before directives, where its presence indicates that the directive is optional, i.e. if a client doesn't understand the directive, it should simply ignore it.

As device moves between WiFi and cellular networks, proactively reconnect.

Raise an error when unsupported modes are used, such as static key mode.

Support "tcp-client" usage such as this: remote foo.bar 1194 tcp-client

Client will report its protocol as UDPv4 or TCPv4_CLIENT in options compatibility string even if running over IPv6 transport to maintain compatibility with OpenVPN 2.x branch.

Support client profiles that use Windows UTF-8 BOM.

Added "Reconnect on wakeup" preference (on by default).

The "key-direction" default has been changed to "bidirectional" for compatibility with OpenVPN 2.x branch, however the previous default ("1") will be retained for profiles imported with 1.0.0 to avoid breakage. Note, however, that the previous default cannot be retained for previously imported VPN-on-Demand profiles, which could potentially fail to connect if they don't declare a key-direction key/value pair on the assumption that it defaults to "1". The solution is to explicitly declare key-direction in VPN-on-Demand profiles if the OpenVPN configuration file they are derived from declares it as well.

Fixed bug where pushed ifconfig subnet was not routing into the tunnel.

When split-tunnel VPN configuration is used (i.e. not redirect-gateway), and at least one pushed DNS server is present: (a) route all DNS requests through pushed DNS server if no added search domains, or (b) route DNS requests for only specifically added search domains if at least one added search domain.

Fixed bug where app would crash on startup if device keychain had certificate with nil subjectSummary.

Fixed an issue that prevented an External Certificate profile from also being an Autologin profile.

Fixed a corner case where profiles with saved passwords that connect to a server that uses Session ID tokens (such as an Access Server) would fail to automatically reconnect after long pause periods, such as when the device is asleep.

Ratings and Reviews

3.3 out of 5

84 Ratings

84 Ratings

Lhadz
, 12/07/2017

Application Review

I have been using this for some time. And it pretty serves me well.I am just wondering why does openvpn keeps on disconnecting when I am in idle mode. Is there a way to set it up on settings? Because I am tinkering the settings but nothing happens. Please..Thank you and regards,

Lhadz
, 12/07/2017

Application Review

I have been using this for some time. And it pretty serves me well.I am just wondering why does openvpn keeps on disconnecting when I am in idle mode. Is there a way to set it up on settings? Because I am tinkering the settings but nothing happens. Please..Thank you and regards,

cooleytkeyel
, 11/01/2018

is now unstable

what happened? before the update from 1.2.4 to 1.2.5 I can still use it without a problem but after I updated to the latest version of the app all my .ovpn configs become unstable every single file can’t even stay connected for at least 10 minutes. Is there a way to install the old version even the version one step before this one

cooleytkeyel
, 11/01/2018

is now unstable

what happened? before the update from 1.2.4 to 1.2.5 I can still use it without a problem but after I updated to the latest version of the app all my .ovpn configs become unstable every single file can’t even stay connected for at least 10 minutes. Is there a way to install the old version even the version one step before this one

sarslemagne
, 05/06/2018

Awesome!

Been using it for quite some time and its really useful especially if I want to want Internet TV channels and sites that are region specific.

sarslemagne
, 05/06/2018

Awesome!

Been using it for quite some time and its really useful especially if I want to want Internet TV channels and sites that are region specific.